This repository has been archived on 2024-02-18. You can view files and clone it, but cannot push or open issues or pull requests.

# ansible-role-ssh-ca
Ansible role to deploy a basic SSH certificate authority.
It is implemented as a simple wrapper around ssh-keygen, which is deployed on a server.
It supports issuing host certificates as well as user certificates.
## Limitations
I currently only use this in my home lab, and it should not be used in more critical environments.
Notably, it has the following limitations:
- No expiration date and no mechanism to issue new certificates
- No mechanism to revoke certificates
- No mechanism to roll over CA key pair
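
The first limitation can be checked from the certificates themselves. The script below is an added example, not part of this role: it builds a throwaway CA, signs one host key without `-V` and one with a 52-week validity, and lists the certificates that `ssh-keygen -L` reports as valid forever. All file names and principals are constructed for the demo.

```shell
#!/bin/sh
# Added example: audit SSH certificates for a missing expiry.
# File names and principals are constructed; nothing here is the role's own code.

# Succeeds (exit 0) if the certificate carries no expiry ("Valid: forever").
cert_never_expires() {
    ssh-keygen -L -f "$1" | grep -q 'Valid: forever'
}

# Build a throwaway CA in directory $1 and sign two host keys:
# host_a without -V (certificate never expires), host_b with -V +52w.
make_demo_certs() {
    dir=$1
    ssh-keygen -q -t ed25519 -N '' -C demo-ca -f "$dir/ca"
    ssh-keygen -q -t ed25519 -N '' -C host-a -f "$dir/host_a"
    ssh-keygen -q -t ed25519 -N '' -C host-b -f "$dir/host_b"
    ssh-keygen -q -s "$dir/ca" -I host-a -h -n host-a.example "$dir/host_a.pub"
    ssh-keygen -q -s "$dir/ca" -I host-b -h -n host-b.example -V +52w "$dir/host_b.pub"
}

# Print every *-cert.pub in directory $1 that never expires.
list_unbounded_certs() {
    for cert in "$1"/*-cert.pub; do
        [ -e "$cert" ] || continue
        if cert_never_expires "$cert"; then
            printf '%s\n' "$cert"
        fi
    done
}
```

Running `list_unbounded_certs` against the directory holding issued certificates shows which ones would have to be replaced by rolling the CA key, since there is no revocation mechanism.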
## Usage
The following variables must be set before calling the role:
- `ssh_ca_dir`: Working directory for the certificate authority
- `ssh_ca_key_pairs`: List of CA key pairs
  - `name`: File name of the CA key pair
  - `public_key`: Public key contents of the key pair
  - `private_key`: Private key contents of the key pair